subdissector the first fragment of a fragmented message so that an exception
in the first chunk doesn't abort dissection of subsquent chunks in the frame.
Restore pinfo->private_data after an exception was thrown by a subdissector.
This is necessary in case a subdissector had changed it but was unable to
restore it (due to the exception).
svn path=/trunk/; revision=34420
In some cases, the UMTS FP dissector currently calls upper-layer dissectors
(e.g. UMTS MAC) only when a proto-tree is present. Effectively, this causes the
RLC reassembly to fail in certain cases.
The attached patch solves the problem by slightly moving the calls to
'call_dissector()'.
svn path=/trunk/; revision=34399
From me: Two additional fixes for FIELD_PACKET dissection;
Revision of the original patch from Alexis to
properly dissect a SHOW_FIELDS response message.
svn path=/trunk/; revision=34395
Don't pass a NULL pointer to a string to ssl_debug_printf() (which eventually
calls vfprintf()): Solaris doesn't like it when you do that.
svn path=/trunk/; revision=34386
Rename two g_... functions so as to not be in GLib namespace;
Move proto_register... to just before proto_reg_handoff...
Reformat some lines;
More Whitespace cleanup.
svn path=/trunk/; revision=34354
- decode all attributes as specified in MS-NLMP;
- use common code for target-info and ntlmv2 attribute dissection;
Add filter for the "version" field;
Remove some obsolete #if 0'd code.
svn path=/trunk/; revision=34350
- packet-cfm.h not used elsewhere: incorporate into packet-cfm.c;
- Move proto_register and proto_reg_handoff to the end of the file;
- Localize some variables;
- Remove some unneeded initializers;
- Cleanu some whitesace.
svn path=/trunk/; revision=34334
- Add packet-reload.c
- Make most packages not-required (not tested)
- Does *not* (yet) add an optional/whatever case to enable_
svn path=/trunk/; revision=34307
don't add a source address field if it's zero-length (fixes bug
2519);
the source address length field is 8 octets long; if the
purported length is > 8, only include the first 8 octets.
svn path=/trunk/; revision=34303
- NEGOTIATE: dissect version field (if present) when empty Workstation domain & name fields;
- AUTHENTICATE: Use flags from message if no previous CHALLENGE seen to determine
character set encoding; Fixes Bug #5251https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5251
svn path=/trunk/; revision=34295
The 6LoWPAN dissector had as a TODO the 'stateful address compression' mode.
This patch fixes that TODO, up to HC-13.
This patch also updates to HC-08, where the PANID is no longer used in forming
the short address.
svn path=/trunk/; revision=34290
1. Negotiation/Challenge/Authoriation messages:
- dissect Version field (if present);
2. Authorization messages:
- Dissect fields following session-key (flags/... if present) even
when session key is empty;
- Dissect "MIC" field (if present);
3. Challenge message:
- Rename "Domain" field to "Target Name" as per Microsoft spec (MS-NLMP).
svn path=/trunk/; revision=34271
Limit the input field for occurrence to 4 characters to prevent an overflow.
Make sure "... as filter" does not result in an invalid filter string if all occurrences are displayed.
svn path=/trunk/; revision=34247
tracking the same data when the headers are different (NAT, TCP seq #
randomization, etc). Copied from packet-frame.c.
svn path=/trunk/; revision=34245
indicate that the last 4 bytes of both types are similar.
So the extra bytes in type III are inserted before those
last bytes.
svn path=/trunk/; revision=34238
- Add decoding of direction bit for version 2 (type III) erspan.
Me:
- Decode the original direction bit as unknown in case of version 2.
- The original unknown3 value seems to indicate whether the packet
was too long to fit into a single mtu (trunkated).
- "Timestamp(s)" -> "Timestamp"
svn path=/trunk/; revision=34221
I try to configure Wireshark with cmake on macosx 10.6.
It fails with : set_target_properties called with incorrect number of arguments.
Attached a patch to fix this issue.
svn path=/trunk/; revision=34201
- Fix incorrect uses of val_to_str which could cause inv mem refs;
- Use tvb_reported_length instead of tvb_length;
- (Trivial) Remove some unneeded '= NULL' initializations;
- (A few other trivial changes).
svn path=/trunk/; revision=34183
We parse host & request page from headers, so we easily can construct full http
uri.
I was thinking about making it as field, so we could filter, print in column
info, or do other fancy stuff, but for now this is imho enough.
From me: add it as a (filterable) item. Clean up spacing and indentation in a
few places.
svn path=/trunk/; revision=34162
- Don't list codecs which are deleted by using port 0.
- Use real concatenation i.s.o. reprint, which seems to fail in some circumstances.
svn path=/trunk/; revision=34154
The NFS dissector (all versions) show access types that have not been requested
to be checked as "not allowed" in the call and reply. This is incorrect and
misleading. At present one must manually compare what was requested in order
to assess if access was actually denied for that type. When there are hundreds
or thousands of these ACCESS requests in a capture, it is not possible or
practical to manually check each one.
The submitted patch does the following:
* Passes the access mask in the call to the reply for comparison
* Adds filterable fields for each supported (v4) and access type
* Adds a pseudo field, nfs.access_denied
* Lists the access types to be checked in the summary and tree
* Separately lists the supported, denied, and allowed access types in the
summary and tree
The changes are applied to all NFS versions.
From me: a couple of small changes to make it compile without warnings.
svn path=/trunk/; revision=34141
Bugs fixed:
- Invalid time display for various time fields;
Millisecs for types 152, 153 are actually stored as 64 bit integers;
Microsecs, nanosecs are actually stored in "NTP format";
Times for fields 158, 159 are relative to "export time";
SystemInitTime displayed incorrectly;
...
- Options template not cached when only scope fields in template.
- Templates not processed on first pass thru capture file:
(In some cases data flows might not be handled until options template later displayed).
- V9: number of options template entries limited to about 8 instead of intended 42;
- Multiple options temlate flows in an Options Template flowset not handled;
- "NotSentOctets" dislayed as "NotSentPackets";
...
Cleanups:
- Options and data template processing code more or less rewritten;
- options template displayed with format similar to that used for data templates;
- Handling and display of PEN field (including use to indicate REVERSE) improved;
- Don't use same filter name for two similar fields which only differ in size;
- Handling & dislay of "variable length" fields improved;
- sminmec lookup (PEN) done only during template processing & cached for later use;
...
- Whitespace/Formatting
svn path=/trunk/; revision=34140
for avoiding doubled definition of a table needed also by a tcap subdissector
plugin a definition in libwirshark.def is needed:
isup_calling_partys_category_value
Me: Change extern to WS_VAR_IMPORT in header file
svn path=/trunk/; revision=34126
Change to using new ENC_[BIG|LITTLE]_ENDIAN instead of FALSE and TRUE
in the proto_tree_add_item() calls for the identifier and sequence numbers.
svn path=/trunk/; revision=34119
Decode of SETCLIENTID calls in the Windows x86 version fail with "[Dissector
bug, protocol NFS: STATUS_ACCESS_VIOLATION: dissector accessed an invalid
memory address]". This error occurs in packet-nfs.c in
dissect_nfs_clientaddr4() where vars 'protocol' and 'universal_ip_address' get
stepped on following the call to scanf(). The b1-b10 vars are declared as
quint8. While "hh" modifier used in the scanf() is documented in Linux to
correspond to an a signed/unsigned char arg, I cannot find a similar
designation in Windows (MSDN). The Windows C compiler interprets %hhu as
corresponding to a int16 rather than int8.
svn path=/trunk/; revision=34115
Incorrect decoding of List of ARFCN in BCCH frequency list.
When the range 1024 is selected, it can happen that 2 bytes need to be read for
W1, and also for W2. In the current version, when W1 ends on a byte boundary,
W2 will get an incorrect value, since it will be truncated by 1 bit.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5214
svn path=/trunk/; revision=34113
http://seclists.org/bugtraq/2010/Sep/87 .
Unfortunately no one from the NCNIPC pen test team has contacted us or
provided a sample capture so the fix hasn't been verified.
svn path=/trunk/; revision=34111
Followup to 34081: move libwsutil _all_ the way forward so that our inet_pton
is always linked in before wsock32's. This means that our Windows-7 Win64
builds (on which there is a native inet_pton in wsock32) will still work on
pre-Vista Win64's.
svn path=/trunk/; revision=34093
option length and values with proto_tree_add_item() intead of _add_text().
The options tree still shows the same information as before until the sub-
tree is expanded.
The goal is to do this with all TCP and IP options.
svn path=/trunk/; revision=34088
I don't want to change get_token_len() to not skip multiple spaces,
because I don't know if other protocols depends on this behaviour.
We should maybe check this...
This fixes bug 5181.
svn path=/trunk/; revision=34063
WIRESHARK_SE_VERIFY_POINTERS that control whether or not we verify if a given
pointer is ep_ or se_ allocated, respectively.
Turn the behavior off by default for speed reasons (the speed difference isn't
huge, but...).
Turn the behavior on when fuzz testing.
Document these two new variables in the man pages.
svn path=/trunk/; revision=34046
Patch that allows the dissection of the Feature Group Indicators bit string. I tested it with our UE and it works fine.
svn path=/trunk/; revision=34035
and when changing profile. Not sure why I have to invalidate cfile.dfilter
in macro_update(), because this will be done in macros_post_update(),
but unless this we get a crash when renaming a macro...
This is a fix for bug 5002.
svn path=/trunk/; revision=34011
1. Re-arrange proto_reg_handoff... code to follow the "standard idiom" for init/set of port prefs;
2. Define all fcns as static (except proto_register and proto_reg_handoff);
3. ethereal --> Wireshark;
4. Remove some uneeded/unused prototypes;
5. Fix a few function description comments.
svn path=/trunk/; revision=34006
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5076
Use:
/*
* Dissect Multiple Choice Message
* This function is used to decode a message, when several encoding may be used.
* For exemple, in the last MAP version, the Cancel Location is defined like this:
* CancelLocationArg ::= [3] IMPLICIT SEQUENCE
* But in the previous MAP version, it was a CHOICE between a SEQUENCE and an IMSI
* As ASN1 encoders (or software) still uses the old encoding, this function allows
* the decoding of both versions.
* Moreover, some optimizations (or bad practice ?) in ASN1 encoder, removes the
* SEQUENCE tag, when only one parameter is present in the SEQUENCE.
* This explain why the function expects 3 parameters:
* - a [3] SEQUENCE corresponding the recent ASN1 MAP encoding
* - a SEQUENCE for old style
* - and a single parameter, for old version or optimizations
*
* The analyze of the first ASN1 tag, indicate what kind of decoding should be used,
* if the decoding function is provided (so not a NULL function)
*/
svn path=/trunk/; revision=34001
TCP bytes_in flight becomes inflated with lost packets
This patch suspends Bytes-in-Flight calculation when missing packets are detected.
svn path=/trunk/; revision=33994